Denoising Adversarial Autoencoder for Obfuscated Traffic Detection and Recovery

  • Ola SalmanEmail author
  • Imad H. Elhajj
  • Ayman Kayssi
  • Ali Chehab
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 12081)


Traffic classification is key for managing both QoS and security in the Internet of Things (IoT). However, new traffic obfuscation techniques have been developed to thwart classification. Traffic mutation is one such obfuscation technique, that consists of modifying the flow’s statistical characteristics to mislead the traffic classifier. In fact, this same technique can also be used to hide normal traffic characteristics for the sake of privacy. However, the concern is its use by attackers to bypass intrusion detection systems by modifying the attack traffic characteristics. In this paper, we propose an unsupervised Deep Learning (DL)-based model to detect mutated traffic. This model is based on generative DL architectures, namely Autoencoders (AE) and Generative Adversarial Network (GAN). This model consists of a denoising AE to de-anonymize the mutated traffic and a discriminator to detect it. The implementation results show that the traffic can be denoised when different mutation techniques are applied with a reconstruction error less than \(10^{-1}\). In addition, the detection rate of fake traffic reaches 83.7%.


Machine Learning Network security Traffic classification Obfuscation Deep Learning IoT Autoencoder Generative Adversarial Network 



Research funded by the AUB University Research Board, the Lebanese National Council for Scientific Research, and TELUS Corp., Canada.


  1. 1.
  2. 2.
    tensorflow. Accessed 2019
  3. 3.
    Alom, M.Z., Taha, T.M.: Network intrusion detection for cyber security using unsupervised deep learning approaches. In: 2017 IEEE National Aerospace and Electronics Conference (NAECON), pp. 63–69. IEEE (2017)Google Scholar
  4. 4.
    Baddar, S.A.H., Merlo, A., Migliardi, M.: Behavioral-anomaly detection in forensics analysis. IEEE Secur. Privacy 17(1), 55–62 (2019)CrossRefGoogle Scholar
  5. 5.
    Beggel, L., Pfeiffer, M., Bischl, B.: Robust anomaly detection in images using adversarial autoencoders. arXiv preprint arXiv:1901.06355 (2019)
  6. 6.
    Buczak, A.L., Guven, E.: A survey of data mining and machine learning methods for cyber security intrusion detection. IEEE Commun. Surv. Tutorials 18(2), 1153–1176 (2015)CrossRefGoogle Scholar
  7. 7.
    Qu, B., Zhang, Z., Guo, L., Zhu, X., Guo, L., Meng, D.: An empirical study of morphing on network traffic classification. In: 7th International Conference on Communications and Networking in China, pp. 227–232, August 2012.
  8. 8.
    Callado, A.C., et al.: A survey on internet traffic identification. IEEE Commun. Surv. Tutorials 11(3), 37–52 (2009)CrossRefGoogle Scholar
  9. 9.
    Cao, Z., Xiong, G., Zhao, Y., Li, Z., Guo, L.: A survey on encrypted traffic classification. In: Batten, L., Li, G., Niu, W., Warren, M. (eds.) ATIS 2014. CCIS, vol. 490, pp. 73–81. Springer, Heidelberg (2014). Scholar
  10. 10.
    Chaabouni, N., Mosbah, M., Zemmari, A., Sauvignac, C., Faruki, P.: Network intrusion detection for IoT security based on learning techniques. IEEE Commun. Surv. Tutorials 21, 2671–2701 (2019)Google Scholar
  11. 11.
    Chaddad, L., Chehab, A., Elhajj, I.H., Kayssi, A.: App traffic mutation: toward defending against mobile statistical traffic analysis. In: IEEE INFOCOM 2018 - IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), pp. 27–32, April 2018.
  12. 12.
    Chaddad, L., Chehab, A., Elhajj, I.H., Kayssi, A.: Mobile traffic anonymization through probabilistic distribution. In: 2019 22nd Conference on Innovation in Clouds, Internet and Networks and Workshops (ICIN), pp. 242–248, February 2019.
  13. 13.
    Chalapathy, R., Chawla, S.: Deep learning for anomaly detection: A survey. arXiv preprint arXiv:1901.03407 (2019)
  14. 14.
    Chen, Z., He, K., Li, J., Geng, Y.: Seq2Img: a sequence-to-image based approach towards IP traffic classification using convolutional neural networks. In: 2017 IEEE International Conference on Big Data (Big Data), pp. 1271–1276. IEEE (2017)Google Scholar
  15. 15.
    Cheng, T., Lin, Y., Lai, Y., Lin, P.: Evasion techniques: sneaking through your intrusion detection/prevention systems. IEEE Commun. Surv. Tutorials 14(4), 1011–1020 (2012).
  16. 16.
    da Costa, K.A., Papa, J.P., Lisboa, C.O., Munoz, R., de Albuquerque, V.H.C.: Internet of things: a survey on machine learning-based intrusion detection approaches. Comput. Netw. 151, 147–157 (2019)CrossRefGoogle Scholar
  17. 17.
    Creswell, A., Bharath, A.A.: Denoising adversarial autoencoders. IEEE Trans. Neural Netw. Learn. Syst. 30(4), 968–984 (2018)CrossRefGoogle Scholar
  18. 18.
    Dainotti, A., Pescape, A., Claffy, K.C.: Issues and future directions in traffic classification. IEEE Netw. 26(1), 35–40 (2012)CrossRefGoogle Scholar
  19. 19.
    Deecke, L., Vandermeulen, R., Ruff, L., Mandt, S., Kloft, M.: Image anomaly detection with generative adversarial networks. In: Berlingerio, M., Bonchi, F., Gärtner, T., Hurley, N., Ifrim, G. (eds.) ECML PKDD 2018. LNCS (LNAI), vol. 11051, pp. 3–17. Springer, Cham (2019). Scholar
  20. 20.
    Dyer, K.P., Coull, S.E., Ristenpart, T., Shrimpton, T.: Peek-a-boo, i still see you: why efficient traffic analysis countermeasures fail. In: Proceedings of the 2012 IEEE Symposium on Security and Privacy, SP 2012, pp. 332–346. IEEE Computer Society, Washington, DC (2012).
  21. 21.
    Fadlullah, Z.M., et al.: State-of-the-art deep learning: evolving machine intelligence toward tomorrow’s intelligent network traffic control systems. IEEE Commun. Surv. Tutorials 19(4), 2432–2455 (2017)CrossRefGoogle Scholar
  22. 22.
    Finsterbusch, M., Richter, C., Rocha, E., Muller, J.A., Hanssgen, K.: A survey of payload-based traffic classification approaches. IEEE Commun. Surv. Tutorials 16(2), 1135–1156 (2013)CrossRefGoogle Scholar
  23. 23.
    Ger, S., Klabjan, D.: Autoencoders and generative adversarial networks for anomaly detection for sequences. arXiv preprint arXiv:1901.02514 (2019)
  24. 24.
    Goodfellow, I., et al.: Generative adversarial nets. In: Advances in Neural Information Processing Systems, pp. 2672–2680 (2014)Google Scholar
  25. 25.
    Khraisat, A., Gondal, I., Vamplew, P., Kamruzzaman, J.: Survey of intrusion detection systems: techniques, datasets and challenges. Cybersecurity 2(1), 20 (2019).
  26. 26.
    Koroniotis, N., Moustafa, N., Sitnikova, E., Turnbull, B.: Towards the development of realistic botnet dataset in the internet of things for network forensic analytics: Bot-IoT dataset. Future Gen. Comput. Syst. 100, 779–796 (2019).,
  27. 27.
    Li, D., Chen, D., Goh, J., Ng, S.K.: Anomaly detection with generative adversarial networks for multivariate time series. arXiv preprint arXiv:1809.04758 (2018)
  28. 28.
    Lin, Z., Shi, Y., Xue, Z.: IDSGAN: generative adversarial networks for attack generation against intrusion detection. CoRR abs/1809.02077 (2018).
  29. 29.
    Liu, H., Lang, B., Liu, M., Yan, H.: CNN and RNN based payload classification methods for attack detection. Knowl.-Based Syst. 163, 332–341 (2019)CrossRefGoogle Scholar
  30. 30.
    Makhzani, A., Shlens, J., Jaitly, N., Goodfellow, I., Frey, B.: Adversarial autoencoders. arXiv preprint arXiv:1511.05644 (2015)
  31. 31.
    Munir, M., Siddiqui, S.A., Dengel, A., Ahmed, S.: DeepAnT: a deep learning approach for unsupervised anomaly detection in time series. IEEE Access 7, 1991–2005 (2018)CrossRefGoogle Scholar
  32. 32.
    Nguyen, T.T., Armitage, G.: A survey of techniques for internet traffic classification using machine learning. IEEE Commun. Surv. Tutorials 10(4), 56–76 (2008)CrossRefGoogle Scholar
  33. 33.
    Pacheco, F., Exposito, E., Gineste, M., Baudoin, C., Aguilar, J.: Towards the deployment of machine learning solutions in network traffic classification: a systematic survey. IEEE Commun. Surv. Tutorials 21(2), 1988–2014 (2018)CrossRefGoogle Scholar
  34. 34.
    Perrone, G., Vecchio, M., Pecori, R., Giaffreda, R.: The day after mirai: a survey on MQTT security solutions after the largest cyber-attack carried out through an army of IoT devices. In: IoTBDS, pp. 246–253 (2017)Google Scholar
  35. 35.
    Qu, B., Zhang, Z., Zhu, X., Meng, D.: An empirical study of morphing on behavior-based network traffic classification. Secur. Commun. Netw. 8(1), 68–79 (2015).
  36. 36.
    Rezaei, S., Liu, X.: Deep learning for encrypted traffic classification: an overview. IEEE Commun. Mag. 57(5), 76–81 (2019)CrossRefGoogle Scholar
  37. 37.
    Rigaki, M., Garcia, S.: Bringing a GAN to a knife-fight: adapting malware communication to avoid detection. In: 2018 IEEE Security and Privacy Workshops (SPW), pp. 70–75, May 2018.
  38. 38.
    Salman, O., Elhajj, I.H., Chehab, A., Kayssi, A.: A multi-level internet traffic classifier using deep learning. In: 2018 9th International Conference on the Network of the Future (NOF), pp. 68–75, November 2018.
  39. 39.
    Smit, D., Millar, K., Page, C., Cheng, A., Chew, H.G., Lim, C.C.: Looking deeper: using deep learning to identify internet communications traffic. In: 2017 Australasian Conference of Undergraduate Research (ACUR) (2017)Google Scholar
  40. 40.
    Tripathi, S., Lipton, Z.C., Nguyen, T.Q.: Correction by projection: denoising images with generative adversarial networks. arXiv preprint arXiv:1803.04477 (2018)
  41. 41.
    Umer, M.F., Sher, M., Bi, Y.: A two-stage flow-based intrusion detection model for next-generation networks. PLoS One 13(1), e0180945 (2018)CrossRefGoogle Scholar
  42. 42.
    Verma, G., Ciftcioglu, E., Sheatsley, R., Chan, K., Scott, L.: Network traffic obfuscation: an adversarial machine learning approach. In: MILCOM 2018–2018 IEEE Military Communications Conference (MILCOM), pp. 1–6, October 2018.
  43. 43.
    Vinayakumar, R., Alazab, M., Soman, K., Poornachandran, P., Al-Nemrat, A., Venkatraman, S.: Deep learning approach for intelligent intrusion detection system. IEEE Access 7, 41525–41550 (2019)CrossRefGoogle Scholar
  44. 44.
    Vu, H.S., Ueta, D., Hashimoto, K., Maeno, K., Pranata, S., Shen, S.M.: Anomaly detection with adversarial dual autoencoders. arXiv preprint arXiv:1902.06924 (2019)
  45. 45.
    Wang, W., Zhu, M., Wang, J., Zeng, X., Yang, Z.: End-to-end encrypted traffic classification with one-dimensional convolution neural networks. In: 2017 IEEE International Conference on Intelligence and Security Informatics (ISI), pp. 43–48. IEEE (2017)Google Scholar
  46. 46.
    Wang, X., Du, Y., Lin, S., Cui, P., Yang, Y.: Self-adversarial variational autoencoder with Gaussian anomaly prior distribution for anomaly detection. arXiv preprint arXiv:1903.00904 (2019)
  47. 47.
    Warde-Farley, D., Bengio, Y.: Improving generative adversarial networks with denoising feature matching (2016)Google Scholar
  48. 48.
    Xiao, Y., Xing, C., Zhang, T., Zhao, Z.: An intrusion detection model based on feature reduction and convolutional neural networks. IEEE Access 7, 42210–42219 (2019)CrossRefGoogle Scholar
  49. 49.
    Fu, X., Graham, B., Bettati, R., Zhao, W.: On effectiveness of link padding for statistical traffic analysis attacks. In: 2003 Proceedings of 23rd International Conference on Distributed Computing Systems, pp. 340–347, May 2003.
  50. 50.
    Zenati, H., Foo, C.S., Lecouat, B., Manek, G., Chandrasekhar, V.R.: Efficient GAN-based anomaly detection. arXiv preprint arXiv:1802.06222 (2018)
  51. 51.
    Zhang, H., Yu, X., Ren, P., Luo, C., Min, G.: Deep adversarial learning in intrusion detection: A data augmentation enhanced framework. CoRR abs/1901.07949 (2019).

Copyright information

© IFIP International Federation for Information Processing 2020

Authors and Affiliations

  • Ola Salman
    • 1
    Email author
  • Imad H. Elhajj
    • 1
  • Ayman Kayssi
    • 1
  • Ali Chehab
    • 1
  1. 1.Department of Electrical and Computer EngineeringAmerican University of BeirutBeirutLebanon

Personalised recommendations